Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results
Download PDF
Share

Core risk management challenges in financial services regulatory compliance

Explore challenges, regulatory pressures and actions to take.

How KPMG can help: Regulatory and compliance transformation
Learn more

The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take. 

Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to core risk management.

Challenges

The role of core risk management continues to evolve as financial services companies balance key priorities including increasing risk efficiency, modernizing technology, enhancing effectiveness, and building programs that are scalable and resilient all while maintaining regulatory compliance. Additionally, core risk management is under increasing regulatory focus which can result in severe, and potentially public, action including significant financial penalties if thematic, pervasive, or systemic risk issues are identified and categorized as inadequate risk management. Timely adoption and implementation of actions to correct identified risk issues is a key component of heightened regulatory attention to risk management.

Common challenges include:

Demonstrating risk management effectiveness and adequate oversight over the control environment. With the rapid pace of change at financial institutions, risks are continually evolving and the control environment is constantly changing. In an ecosystem where systems, processes and people change regularly, organizations can struggle with knowing, monitoring, and appropriately addressing risk. This can present challenges when articulating the effectiveness of the control environment. Furthermore, examiners are focused on the effectiveness of testing programs including methodology, testing techniques, coverage, and frequency in addition to clearly defined testing roles across the three lines of defense.

Maintaining or enhancing effectiveness while undertaking cost reduction and efficiency initiative. As financial institutions explore efficiency levers including alternative sourcing strategies, consolidation of redundant risk functions and/or methodologies, rationalization of foundational risk data, integration of technology and automation use, and other risk-based scoping approaches to improve efficiency ratios, they must be careful to maintain the quality of risk outputs and identify and address any degradation of risk management effectiveness.

Establishing risk frameworks that are adaptable, are resilient and address areas of emerging regulatory focus.The adaptability and resilience of core risk management frameworks are under increased regulatory focus as firms manage through alternative/new business operating models and unexpected or severe events even as they also prepare for strategic growth through acquisition, the launch of new products and services, and integration of new or evolving regulatory expectations. (Regulatory expectations related to operational resiliency and cybersecurity continue to evolve and are further explored in the Operational Resiliency and Cybersecurity section of the report below.)

Moving to data driven assessments. Financial services firms are increasingly aware of the limitations of classical, judgement-based risk measurement and management approaches. Collectively, firms are looking to the power of data to augment their capabilities, strengthen risk management protocols, and drive business value through better risk analytics. However, many institutions have found that a significant data uplift and cleanse is required to enhance the quality of data and inputs prior to implementing these data driven techniques in addition to evaluating and potentially supplementing the data quality controls to maintain assessment inputs.

Increasing complexity. Large organizations have highly complex data and technology ecosystems that give rise to systemic risks and exploitable vulnerabilities. Once triggered, these risks can have runaway effect, with multiple, severe consequences. Furthermore, to meet enterprise level goals, organizations are using new innovative solutions and disruptive technologies but may lack adequate technology risk management processes, which can introduce new risks and business disruptions.

Regulatory pressures

  • Demonstrating risk management effectiveness, not simply remediation activities
  • Focusing on an integrated risk management approach across material risk types and lineage of risk data, outputs, and reporting
  • Balancing cost take out initiatives while still delivering core risk management requirements
  • Performing adequate monitoring, governance, and supervision over the internal control environment
  • Seeing examiner focus on conduct, operational resilience, and product lifecycle risk management
  • Scaling core risk management activities to keep pace with growth, acquisition, or changing external conditions
  • Evolving regulatory expectations for strong core risk management practices 
  • Moving to data driven and quantitatively supported risk and control assessments
  • Enhancing management and board reporting to increase transparency and risk data consumption

8 actions to take

  1. Evaluate existing core risk management activities, framework, and coverage for effectiveness and potential redundancies.
  2. Identify and evaluate the intended or unintended outcomes, cost reduction and efficiency initiatives to ensure regulatory obligations are met or exceeded.
  3. Evaluate existing risk frameworks for scalability to support firm strategy and growth objectives.
  4. Review recent changes to business operating models to ensure new or elevated risks are adequately accounted for in risk inventories/profile.
  5. Evaluate existing internal control environment approaches, scope, coverage, and responsibilities and strengthen, as appropriate, any gaps, potential exposures, or escalation issues.
  6. Enable data interoperability. Data and technology target state should enable the sharing/linkage of risk data across key risk categories, support aggregation of data, eliminate redundancies or overlaps in source systems, and provide a single source of truth for reporting purposes.
  7. Review, inventory, and cleanse (as needed) existing data and quality of data to support data driven assessments.
  8. Integrate technology risk management capabilities with broader risk strategy and align with enterprise and operational risk priorities that are supported through the use of technology, data, and skilled technology risk professionals.

Dive into our thinking:

Ten key regulatory challenges of 2021

Download PDF

Explore more

Meet our team

Image of Amy S. Matsuo
Amy S. Matsuo
Principal, U.S. Regulatory Insights & Compliance Transformation Lead, KPMG LLP
Read bio
Image of Tim Phelps
Tim Phelps
Risk Services Leader, KPMG US
Read bio
Image of Cameron Burke
Cameron Burke
Principal, Advisory, FS Risk, Regulatory & Compliance, KPMG US
Read bio
Image of Amy S. Matsuo
Amy S. Matsuo
Principal, U.S. Regulatory Insights & Compliance Transformation Lead, KPMG LLP
Read bio
Image of Tim Phelps
Tim Phelps
Risk Services Leader, KPMG US
Read bio
Image of Cameron Burke
Cameron Burke
Principal, Advisory, FS Risk, Regulatory & Compliance, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2024 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline